gpt4 book ai didi

docker - 通过 NodePort 导出服务

转载 作者:行者123 更新时间:2023-12-02 20:45:53 27 4
gpt4 key购买 nike

我正在关注这个示例,以便使用 Kubernetes 创建一个 Docker 注册表:
https://robertbrem.github.io/Microservices_with_Kubernetes/03_Docker_registry/01_Setup_a_docker_registry/

我正在使用Minikube,以这种方式开始

 minikube start --vm-driver=none

它有效,我可以从 minikubeNode:30500 访问它.

现在我重启了 minikube所在的电脑已安装,我无法再访问 docker registry ,即使 POD正在运行,服务定义和之前一样。

我的服务:
apiVersion: v1
kind: Service
metadata:
name: registro
labels:
name: registro
spec:
ports:
- port: 5001
targetPort: 5000
nodePort: 30500
selector:
apl: registro
type: NodePort

我的部署:
apiVersion: apps/v1
kind: Deployment
metadata:
name: registro
spec:
replicas: 1
selector:
matchLabels:
apl: registro
template:
metadata:
labels:
apl: registro
spec:
containers:
- resources:
name: registry
image: registry:2
ports:
- name: registry-port
containerPort: 5000
volumeMounts:
- mountPath: /var/lib/registry
name: img
- mountPath: /certs
name: certs
- mountPath: /auth
name: auth
env:
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "Registry Realm"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: /auth/htpasswd
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: /certs/fullchain.pem
- name: REGISTRY_HTTP_TLS_KEY
value: /certs/privkey.pem
volumes:
- name: img
hostPath:
path: /home/ema/adm/docker/registro/img
- name: certs
hostPath:
path: /home/ema/adm/docker/registro/certs
- name: auth
hostPath:
path: /home/ema/adm/docker/registro/auth

当前集群 IP:
# kubectl cluster-info
Kubernetes master is running at https://10.129.3.44:8443
KubeDNS is running at https://10.129.3.44:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

我的 POD:
# kubectl describe pods
Name: registro-6b657796b-fx9jf
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: minikube/10.129.3.44
Start Time: Fri, 18 Jan 2019 10:17:04 +0100
Labels: apl=registro
pod-template-hash=6b657796b
Annotations: <none>
Status: Running
IP: 172.17.0.4
Controlled By: ReplicaSet/registro-6b657796b
Containers:
registry:
Container ID: docker://1b8ab87d5fd7602ee671abc1a6ebffdbcdc4c6d8892c174f83dea8cd4ee722a9
Image: registry:2
Image ID: docker-pullable://registry@sha256:1cd9409a311350c3072fe510b52046f104416376c126a479cef9a4dfe692cf57
Port: 5000/TCP
Host Port: 0/TCP
State: Running
Started: Fri, 18 Jan 2019 13:03:25 +0100
Last State: Terminated
Reason: Error
Exit Code: 137
Started: Fri, 18 Jan 2019 10:17:06 +0100
Finished: Fri, 18 Jan 2019 13:02:55 +0100
Ready: True
Restart Count: 1
Environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/fullchain.pem
REGISTRY_HTTP_TLS_KEY: /certs/privkey.pem
Mounts:
/auth from auth (rw)
/certs from certs (rw)
/var/lib/registry from img (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-9b46l (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
img:
Type: HostPath (bare host directory volume)
Path: /home/ema/adm/docker/registro/img
HostPathType:
certs:
Type: HostPath (bare host directory volume)
Path: /home/ema/adm/docker/registro/certs
HostPathType:
auth:
Type: HostPath (bare host directory volume)
Path: /home/ema/adm/docker/registro/auth
HostPathType:
default-token-9b46l:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-9b46l
Optional: false
...

我的服务:
# kubectl describe service registro
Name: registro
Namespace: default
Labels: name=registro
Annotations: <none>
Selector: apl=registro
Type: NodePort
IP: 10.101.157.80
Port: <unset> 5001/TCP
TargetPort: 5000/TCP
NodePort: <unset> 30500/TCP
Endpoints: 172.17.0.4:5000
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>

Pod IP 正在工作:

# curl 172.17.0.4:5000



集群 IP 没有提示但仍然卡住:

# curl 10.101.157.80:5001



节点端口 IP 不起作用:

# curl 10.129.3.44:30500 curl: (7) Failed connect to 10.129.3.44:30500



为什么我无法从节点访问我的服务?

如何诊断正在发生的事情?

更新 1

启动时 minikube这样:
minikube start --vm-driver none

我收到以下警告:
[WARNING Hostname]: hostname "minikube" could not be reached
[WARNING Hostname]: hostname "minikube" lookup minikube on 10.126.20.16:53: server misbehaving
[WARNING DirAvailable--data-minikube]: /data/minikube is not empty
....
Error creating PKI assets: failed to write certificate "apiserver-kubelet-client": certificate apiserver-kubelet-client is not signed by corresponding CA
....
.: exit status 1

我不知道它们是否有意义,但我不喜欢 exit status 1 .

最佳答案

使用 minikube start --vm-driver=none 正确进行端口转发你必须安装socat .
只需尝试以下脚本,它对我来说工作正常。

  • 安装 kubectl、socat 和 docker。
  • apt-get update && apt-get install -y apt-transport-https
    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
    cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
    deb http://apt.kubernetes.io/ kubernetes-xenial main
    EOF
    apt-get update
    apt-get install -y kubectl socat docker.io --allow-unauthenticated
  • 下载最新 Minikube
  • curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.33.0/minikube-linux-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube
  • 启动 Minikube 集群。
  • minikube config set embed-certs true
    minikube start --vm-driver none

    您必须运行 minikube start --vm-driver none仅限 root 用户。

    关于docker - 通过 NodePort 导出服务,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54289055/

    27 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com